OpenSSL Communities
Tue 23 Sep 2025 11:45AM

Interest in DTLS 1.3 support?

MB Michael Baentsch Public Seen by 123

OpenSSL has a [DTLS 1.3 feature branch](https://github.com/openssl/openssl/tree/feature/dtls-1.3) currently only [tended to by a single contributor as time permits](https://github.com/openssl/openssl/issues/13900#issuecomment-3306151646). At the same time, the somewhat similar QUIC protocol has been made available in master and seems to have full support by the community.

This discussion is to solicit both technical and business input from any community as to whether

  • there is wider (any?) interest in DTLS 1.3, both from a usage perspective as well as a contribution perspective;

  • any release should be targeted for such effort;

  • more forums than this should receive this question to get representative feedback.

PD

Paul Dale Wed 24 Sep 2025 3:29AM

I think that there is wider interest in having DTLS 1.3. It's been asked for as a feature a number of times.

Targeting 4.0 seems reasonable, although this requires someone willing and able to do the required work & reviewers who feel confident reviewing the code submissions.

I'm not one of those able to do the required work so I might be completely mad suggesting this.

MB

Michael Baentsch Wed 24 Sep 2025 6:11AM

I agree (with all statements, unfortunately). This begs the question, then, how do we get word out to find more people interested in contributing to that feature branch to move it forward? This "General" discussion "group" seems to be one limited to 16 people.... Created https://openssl-communities.org/d/eMUxfhPC/a-really-general-discussion-forum to propose a change to that...

PY

Paul Yang Wed 24 Sep 2025 8:03AM

Yes, DTLS is widely used in IoT and embedded systems. But sometimes OpenSSL is not very optimized for that kind of case (in the aspect of binary size and memory usage). So it's kind of a bit paradoxical.

PD

Paul Dale Wed 24 Sep 2025 8:05AM

IoT devices generally talk to a back end server which has the space.

MB

Michael Baentsch Wed 24 Sep 2025 8:53AM

So what (D)TLS stack(s) are these servers using? Is there (commercial? community?) interest to replace those with OpenSSL?

FW

Frederik Wedel-Heinen Wed 24 Sep 2025 2:10PM

The option I know of is WolfSSL which is optimized for embedded systems. They have an OpenSSL compat layer. So switching between the two implementations could be seamless but I haven’t tried it.

Mbed TLS (to my knowledge) does not have DTLS 1.3.

BF

Barry Fussell Wed 24 Sep 2025 7:13PM

WolfSSL is one option.

PD

Paul Dale Wed 24 Sep 2025 9:27PM

From the bits I've looked at, Wolf's compatibility layer includes a lot of functions that just return 0 or NULL for failure. It's a lot better than nothing and is good to avoid linking errors but it's not ideal.

PD

Paul Dale Wed 24 Sep 2025 9:32PM

> So what (D)TLS stack(s) are these servers using? Is there (commercial? community?) interest to replace those with OpenSSL?

Many would already be running OpenSSL and are unable to use DTLS 1.3 even though they'd like to.

TM

Tomas Mraz Wed 24 Sep 2025 11:32AM

We (the Foundation) received funding to progress the work on DTLS-1.3 support. It is not enough to fund the whole implementation effort but at least it will allow us to do the reviews and some other auxiliary work that is needed to get the DTLS-1.3 support implemented.
